proxy-arp

spire2z · May 6, 2005, 12:04am

Have been experimenting with proxy-arp in order to use some public addresses behind the NAT mikrotik setup. I have a public address assignment of 12 public ip’s and one assigned to the Mikrotik router with another 2 interfaces with private addresses in 255.255.255.0 subnet. I tried enabling the proxy-arp on the local interface I was connected to and setup my client pc to the public address using the subnet and gateway of the router and was getting ip confilicts on my client pc authogh I know the address is not in use? I have tried enabling proxy-arp on both and either interface and no combination works. is there a further configuration I have missed as it gives little details in the docs and I can’t find anything solid in the forums either. I have used proxy-arp before under Linux and had it working fine but then I would enter the server address including the public and local interface and configure the client with the ip specified and gateway of backhaul isp using the subnet mask of the local interface? Can anybody help me to do this with Mikrotik as it don’t work simply enabling proxy-arp?

IntraLink · May 8, 2005, 1:56am

I think whatever interface you enable proxy-arp on is going to reply to ARPs for all IP’s on all subnets assigned to that interface.

Maybe that is your problem?

I guess you should isolate one interface only facing your providor and assign it one of the public IP’s only and enable proxy-arp. That way it will only respond as ALL of those IP’s in the same subnet to arp requests it sees.

spire2z · May 8, 2005, 10:30am

Thanks for the info. I think I tried that but I will give it another go anyway.

spire2z · May 11, 2005, 6:18pm

No can’t get it to work

IntraLink · May 15, 2005, 1:57pm

I believe you need to assign the SAME IP to both the external and internal interface and then enable proxy-arp on the outside interface. If you are not bridged layer two internally then you probably need to proxy-arp the internal interface as well.

Let us know if that works for you, or what is happening.
Any way you can add a hub to the network in front or behind and plug in a computer running ethereal to see the ARP packets etc?

maximan · May 16, 2005, 2:09pm

Please read this

http://leaf.sourceforge.net/doc/howto/proxyarp.html

It is an example of proxy arp with documentation.
Maxi

GJS · May 16, 2005, 5:15pm

The bit that is left out of the manual is that the interface with proxy-ARP enabled will respond to requests, if the IP address exists in the routing table. You need a routing table entry to tell the interface that responded to the request what to do with the packet once it receives it. In this case, forward it to the local interface. If you want to use the public address of the MT as your gateway, you will also need ARP enabled on the local interface.

Check this topic:

http://forum.mikrotik.com//viewtopic.php?p=2010&highlight=#2010

Hope that helps.